Skip to content
Photo of Marty Hansen

Marty Hansen

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues, including related to artificial intelligence. Martin has extensive experience in advising clients on matters arising under EU and U.S. law, UK law, the World Trade Organization agreements, and other trade agreements.

On 22 September 2021, the UK Government published its 10-year strategy on artificial intelligence (“AI”; the “UK AI Strategy”).

The UK AI Strategy has three main pillars: (1) investing and planning for the long-term requirements of the UK’s AI ecosystem; (2) supporting the transition to an AI-enabled economy
Continue Reading The UK Government Publishes its AI Strategy

Covington’s four-part video series offers snapshot briefings on key emerging trends in UK Competition Law. In part three, James Marshall and Sophie Albrighton discuss digital markets, one of the key areas of focus of competition authorities around the world today, including in the UK. They are joined by guest speaker 


Continue Reading Emerging Trends in UK Competition Law Vlog Series – Part III: Digital Markets

Three summits last week—G-7, NATO, and U.S.-EU—launched a wide range of transatlantic initiatives to coordinate policy, particularly on trade, technology, and defense. These new formats and dialogues can ensure a much deeper level of regulatory cooperation between the United States and Europe by exchanging perspectives, briefing materials, and in some cases, staff. For companies on both sides of the Atlantic, these emerging policy trends also open up new opportunities to engage decision-makers both in Washington and European capitals.
Continue Reading Transatlantic Summits: Main Takeaways for Tech and Defense

In April 2021, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the “Regulation”), which would establish rules on the development, placing on the market, and use of artificial intelligence systems (“AI systems”) across the EU. The proposal, comprising 85 articles and nine annexes, is part of a wider package of Commission initiatives aimed at positioning the EU as a world leader in trustworthy and ethical AI and technological innovation.

The Commission’s objectives with the Regulation are twofold: to promote the development of AI technologies and harness their potential benefits, while also protecting individuals against potential threats to their health, safety, and fundamental rights posed by AI systems. To that end, the Commission proposal focuses primarily on AI systems identified as “high-risk,” but also prohibits three AI practices and imposes transparency obligations on providers of certain non-high-risk AI systems as well. Notably, it would impose significant administrative costs on high-risk AI systems of around 10 percent of the underlying value, based on compliance, oversight, and verification costs. This blog highlights several key aspects of the proposal.

Definition of AI systems (Article 3)

The Regulation defines AI systems as software using one or more “techniques and approaches” and which “generate outputs such as content, predictions, recommendations or decisions influencing the environments they interact with.” These techniques and approaches, set out in Annex I of the Regulation, include machine learning approaches; logic- and knowledge- based approaches; and “statistical approaches, Bayesian estimation, [and] search and optimisation methods.” Given the breadth of these terms, a wide range of technologies could fall within scope of the Regulation’s definition of AI.

Territorial scope (Article 2)

The Regulation would apply not only to AI systems placed on the market, put into service, or used in the EU, but also to systems, wherever marketed or used, “where the output produced by the system is used in the Union.” The latter requirement could raise compliance challenges for suppliers of AI systems, who might not always know, or be able to control, where their customers will use the outputs generated by their systems.

Prohibited AI practices (Article 5)

The Regulation prohibits certain AI practices that are deemed to pose an unacceptable level of risk and contravene EU values. These practices include the provision or use of AI systems that either deploy subliminal techniques (beyond a person’s consciousness) to materially distort a person’s behaviour, or exploit the vulnerabilities of specific groups (such as children or persons with disabilities), in both cases where physical or psychological harm is likely to occur. The Regulation also prohibits public authorities from using AI systems for “social scoring”, where this leads to detrimental or unfavourable treatment in social contexts unrelated to the contexts in which the data was generated, or is otherwise unjustified or disproportionate. Finally, the Regulation bans law enforcement from using ‘real-time’ remote biometric identification systems in publicly accessible spaces, subject to certain limited exceptions (such as searching for crime victims, preventing threat to life or safety, or criminal law enforcement for significant offenses).

Classification of high-risk AI systems (Article 6)

The Regulation classifies certain AI systems as inherently high-risk. These systems, enumerated exhaustively in Annexes II and III of the Regulation, include AI systems that are, or are safety components of, products already subject to EU harmonised safety regimes (e.g., machinery; toys; elevators; medical devices, etc.); products covered by other EU legislation (e.g., motor vehicles; civil aviation; marine equipment, etc.); and AI systems that are used in certain specific contexts or for specific purposes (e.g.; for biometric identification; for educational or vocational training, etc.).


Continue Reading European Commission Proposes New Artificial Intelligence Regulation


Continue Reading AI Update: The Council of Europe Publishes Feasibility Study on Developing a Legal Instrument for Ethical AI

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog here for a summary of the Commission’s European Strategy for Data.)  The press release accompanying the proposed Act states that more specific proposals on European data spaces are expected to follow in 2021, and will be complemented by a Data Act to foster business-to-business and business-to-government data sharing.The proposed Data Governance Act sets out rules relating to the following:
  • Conditions for reuse of public sector data that is subject to existing protections, such as commercial confidentiality, intellectual property, or data protection;
  • Obligations on “providers of data sharing services,” defined as entities that provide various types of data intermediary services;
  • Introduction of the concept of “data altruism” and the possibility for organisations to register as a “Data Altruism Organisation recognised in the Union”; and
  • Establishment of a “European Data Innovation Board,” a new formal expert group chaired by the Commission.

Conditions for reuse of public sector data (Chapter II, Articles 3-8)

Chapter II of the Data Governance Act would impose conditions on public-sector bodies when they make certain protected data that they hold available for re-use.  These provisions apply to data held by public-sector bodies that are protected on grounds of commercial or statistical confidentiality, intellectual property rights, or personal data protection.  The Act does not impose new obligations on public-sector bodies to allow re-use of data and does not release them from their existing legal obligations with respect to data.  But if public-sector bodies do make protected data available for re-use, they must comply with the conditions set out in Chapter II.

Specifically, the Act prohibits public-sector bodies from granting exclusive rights in data or restricting the availability of data for re-use by entities other than the parties to such exclusive agreements, with limited derogations.  In addition, if a public-sector body grants or refuses access for the re-use of data, it must ensure that the conditions for such access (or refusal) are non-discriminatory, proportionate, and objectively justified, and must make those conditions publicly available. The Act also provides that public bodies “shall” impose conditions “that preserve the functioning of the technical systems” used to process such data, and authorizes the Commission to adopt implementing acts declaring that third countries to which such data may be transferred provide IP and trade secret protections that are “essentially equivalent” to those in the EU.

In addition, where specific EU acts establish that certain non-personal data categories held by public-sector bodies are  “highly sensitive,” such data may be subject to restrictions on cross-border transfers, as specified by the Commission through delegated acts.

Obligations on “providers of data sharing services” (Chapter III, Articles 9-14)

Chapter III of the Act introduces new rules for the operation of data intermediaries, termed “providers of data sharing services”.  Specifically, it would establish a notification and compliance framework for providers of the following data sharing services:

  • Intermediation services between data holders and data users, which include platforms or databases enabling the exchange or joint exploitation of data, such as industry data spaces;
  • Intermediation services between data subjects that seek to make their personal data available and potential data users; and
  • “Data cooperative” services that support individuals or SMEs to negotiate terms and conditions for data processing.

The Act set out several requirements that providers of these data sharing services would need to comply with, including:

  • Notifying the relevant EU Member State authority of its intent to provide such services;
  • Appointing a legal representative in one of the Member States, if the company is not established within the EU;
  • Not using the data collected for other purposes, and using any metadata only for the development of that service;
  • Placing its data sharing service in a “separate legal entity” from its other services;
  • Having in place adequate security safeguards; and
  • Imposing a fiduciary duty towards data subjects to act in their best interests.

Continue Reading The European Commission publishes a proposal for a Regulation on European Data Governance (the Data Governance Act)

On October 3, 2019, the United States and United Kingdom signed an agreement on cross-border law enforcement demands for data from service providers (“Agreement”). The Agreement is the first bilateral agreement to be entered under the Clarifying Lawful Overseas Use of Data (CLOUD) Act. It obligates each Party to


Continue Reading U.S. and U.K. Sign CLOUD Act Agreement

Note: This post is the third in a series of posts on the final text of the Trans-Pacific Partnership (TPP) by Covington’s International and Public Policy lawyers.  The final TPP text, which was released on November 5, 2015, is available here.  TPP is not expected to enter into force
Continue Reading What’s New in the TPP’s Intellectual Property Chapter